CVE-2021-27771

User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal matter with the Sametime chat application, users hold a cookie containing their session ID (SID). This value is also used when sending chat messages, receiving notifications and/or transferring files.

CVSS v3 7.6 HIGH
CVSS v2.0 6.5 MEDIUM

7.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hcltech:sametime:11.6:*:*:*:*:*:*:*

History

24 May 2022, 18:53

Type	Values Removed	Values Added
CWE		CWE-434
References	~~(MISC) https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430 -~~	(MISC) https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 7.6
CPE		cpe:2.3:a:hcltech:sametime:11.6:::::::*
First Time		Hcltech Hcltech sametime

12 May 2022, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-12 22:15

Updated : 2023-12-10 14:22

NVD link : CVE-2021-27771

Mitre link : CVE-2021-27771

CVE.ORG link : CVE-2021-27771

JSON object : View

Products Affected

hcltech

sametime

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2021-27771", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@hcl.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 5.3, "exploitabilityScore": 2.3}]}, "published": "2022-05-12T22:15:11.880", "references": [{"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097430", "tags": ["Vendor Advisory"], "source": "psirt@hcl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}, {"type": "Secondary", "source": "psirt@hcl.com", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal matter with the Sametime chat application, users hold a cookie containing their session ID (SID). This value is also used when sending chat messages, receiving notifications and/or transferring files."}, {"lang": "es", "value": "El SID del usuario puede ser modificado resultando en una Carga Arbitraria de Archivos o borrado de directorios causando una Denegaci\u00f3n de Servicio. Cuando interact\u00faan de manera normal con la aplicaci\u00f3n de chat de Sametime, los usuarios mantienen una cookie que contiene su ID de sesi\u00f3n (SID). Este valor tambi\u00e9n es usado cuando son enviados mensajes de chat, son recibidas notificaciones y/o son transferidos archivos"}], "lastModified": "2022-05-24T18:53:48.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hcltech:sametime:11.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B6E07B1-4DD8-4D9C-8DC1-063FEAD8BA52"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@hcl.com"}